A hacker who calls himself “Peace” is offering to sell the email addresses and passwords of more than 115 million LinkedIn users, apparently from a 2012 hack.
Peace wants about $2,200. In bitcoin.
LinkedIn thought only 6.5 million addresses had been exposed in the 2012 attack, data from which was later dumped on a Russian hacker forum.
In response to Peace’s offer, LinkedIn says it’s working to validate the accounts and contact affected users so they can reset their passwords on the site, according to Motherboard.
If you had an account at the time of the 2012 breach, haven’t changed your password and use it for other sites, you probably don’t want to wait to hear from LinkedIn.
LinkedIn says that it has increased its security measures in the years since the breach by introducing stronger encryption, email challenges and two-factor authentication. The full text of the LinkedIn statement is below:
In 2012, LinkedIn was the victim of an unauthorized access and disclosure of some members’ passwords. At the time, our immediate response included a mandatory password reset for all accounts we believed were compromised as a result of the unauthorized disclosure. Additionally, we advised all members of LinkedIn to change their passwords as a matter of best practice.
Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach.
We take the safety and security of our members’ accounts seriously. For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We encourage our members to visit our safety center to learn about enabling two-step verification, and to use strong passwords in order to keep their accounts as safe as possible.